Add templates/traefik.yaml

templates/traefik.yaml

@@ -0,0 +1,44 @@
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: {{ .Chart.Name }}
+  namespace: {{ .Values.namespace }}
+spec:
+  routes:
+    - kind: Rule
+      match: {{ .Values.expose.match }}
+{{- if .Values.expose.middlewares }}
+      middlewares:
+        {{ toYaml .Values.expose.middlewares }}
+{{- end }}
+      services:
+        - name: {{ .Values.expose.service.name }}
+          port: {{ .Values.expose.service.port }}
+          namespace: {{ .Values.namespace }}
+{{ if has "authentik" .Values.expose.middlewares }}
+---
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: authentik
+  namespace: {{ .Values.namespace }}
+spec:
+  forwardAuth:
+{{- $regexArray := mustRegexFindAll "Host[(]`[^`]+`[)]" .Values.expose.match -1 }}
+{{- $firstHost := index $regexArray 0 }}
+{{- $hostname := regexReplaceAll ".+`([^`]+)`.+" $firstHost "$1"}}
+    address: https://{{ $hostname }}/outpost.goauthentik.io/auth/traefik
+    authResponseHeaders:
+      - X-authentik-username
+      - X-authentik-groups
+      - X-authentik-email
+      - X-authentik-name
+      - X-authentik-uid
+      - X-authentik-jwt
+      - X-authentik-meta-jwks
+      - X-authentik-meta-outpost
+      - X-authentik-meta-provider
+      - X-authentik-meta-app
+      - X-authentik-meta-version
+    trustForwardHeader: true
+{{ end }}